<?php
// Resume (or create) the session before any markup is emitted; the checkout
// code further down reads $_SESSION['myname'] and $_SESSION['DT'].
// NOTE(review): no session cookie options are set in this file - confirm that
// HttpOnly / Secure / SameSite are configured in php.ini or a shared include.
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<?php include"head.php";?>
<script type="text/javascript" src="js/dkdv.js"></script>
<link rel="stylesheet" href="css/thickbox.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="js/thickbox.js"></script>

<script type="text/javascript" src="js/MyScript.js"></script>

</head>
<body>
<?php
include ('dbcon.php');
include ('webtitle.php');
include ('topbannermenu.php');
include ('leftmenu.php');
include ('rightmenu.php');

?>
<div id = "divMid">
<?php
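// Checkout step: charges the logged-in user's balance for the cart held in
// $_SESSION['DT'] (product id => quantity), records the order with its lines
// and decrements stock.
//
// NOTE(review): the charge is executed as soon as this page is requested; the
// <form> below carries no fields and no anti-CSRF token. Consider moving the
// state change behind a POST that verifies a per-session token.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. The calls are kept
// because the rest of the site is not visible from here; the durable fix is
// to migrate to mysqli or PDO with prepared statements.
if (!isset($_SESSION['myname'])) {
	echo 'Vui lòng đăng nhập .';
} else {
	// The cart is filled elsewhere, so it is treated as untrusted here: ids and
	// quantities are coerced to positive integers before they reach SQL or the
	// price arithmetic (a zero or negative quantity would lower the amount due).
	$cart = array();
	if (isset($_SESSION['DT']) && is_array($_SESSION['DT'])) {
		foreach ($_SESSION['DT'] as $cartKey => $cartValue) {
			$productId = (int) $cartKey;
			$quantity = (int) $cartValue;
			if ($productId > 0 && $quantity > 0) {
				$cart[$productId] = $quantity;
			}
		}
	}

	if (count($cart) > 0) {
		echo "<form action='DT.php' method='post'>";

		// NOTE(review): database credentials are hard-coded and use the root
		// account with an empty password. dbcon.php is already included at the
		// top of the page; prefer one shared connection that reads a
		// least-privileged account from configuration outside the web root.
		$connect = mysql_connect("localhost", "root", "") or die("Can not connect database");
		mysql_select_db("dtdd", $connect);
		// mysql_set_charset() (rather than a SET NAMES query) also tells
		// mysql_real_escape_string() which character set the connection uses.
		mysql_set_charset('utf8', $connect);

		// Every id in the list is an integer produced by the cast above.
		$idList = implode(",", array_keys($cart));
		$query = mysql_query("select * from sanpham where MaSP in ($idList)", $connect);

		// Buffer the rows: a mysql result can only be walked once, and the
		// products are needed again when the order lines are written.
		// Column positions follow the original code - presumably [0] = MaSP and
		// [3] = unit price; confirm against the schema.
		$products = array();
		$total = 0;
		if ($query !== false) {
			while ($row = mysql_fetch_array($query)) {
				$products[] = $row;
				$total += $cart[(int) $row[0]] * $row[3];
			}
		}

		// The login name is escaped before it is placed inside a quoted literal.
		$username = mysql_real_escape_string($_SESSION['myname'], $connect);
		$a = mysql_fetch_array(mysql_query("select * from khachhang where id='$username'", $connect));
		$b = mysql_fetch_array(mysql_query("select * from user where username='$username'", $connect));

		// Presumably khachhang[2] is the customer name and user[3] the account
		// balance (taikhoan) - confirm against the schema.
		$customerName = $a ? $a[2] : '';
		$balance = $b ? $b[3] : 0;

		echo '<div class="thongtinkh_cssdiv">';
		echo '<fieldset class="thongtinkh_cssfs">';
		// The name comes from the database and is HTML-escaped on output.
		echo 'Xin chào ' . htmlspecialchars($customerName, ENT_QUOTES, 'UTF-8');
		echo '<br><br>';
		echo "Số tiền hiện có :" . number_format($balance, 0) . " đ ";
		echo "<br> Số Tiền bạn phải thanh toán :" . number_format($total, 0) . " đ  ";

		if ($balance < $total) {
			echo "Số tiền không đủ để thực hiện thanh toán. Mời bạn <a href='napthe.php'> Nạp Thêm Tiền </a>";
		} else {
			// Only effective on a transactional storage engine (e.g. InnoDB);
			// on a non-transactional engine the ROLLBACK below undoes nothing.
			mysql_query("START TRANSACTION", $connect);

			// Debit with a guarded, relative UPDATE so two concurrent requests
			// cannot both spend the same balance. $total is a PHP number.
			$done = true;
			if ($total > 0) {
				$debit = mysql_query("update user set taikhoan = taikhoan - $total where username = '$username' and taikhoan >= $total", $connect);
				$done = ($debit !== false && mysql_affected_rows($connect) === 1);
			}

			$orderId = 0;
			if ($done) {
				// Customer fields come from the database; escape them so a
				// quote in a stored name or address cannot alter the statement.
				// Presumably [0] = MaKH, [4] = phone, [6] = e-mail - confirm.
				$MaKH = mysql_real_escape_string($a ? $a[0] : '', $connect);
				$HoTen = mysql_real_escape_string($customerName, $connect);
				$Email = mysql_real_escape_string($a ? $a[6] : '', $connect);
				$DienThoai = mysql_real_escape_string($a ? $a[4] : '', $connect);
				$DiaChi = " ";
				$GhiChu = " ";

				// Value order is unchanged from the original statement; now()
				// is evaluated by the server instead of being fetched first.
				$sqlDH = mysql_query("insert into DonHang values ('null', '$MaKH', now(), '$HoTen', '$DiaChi', '$Email', '$DienThoai','', 0,'$GhiChu')", $connect);
				if ($sqlDH !== false) {
					// Id generated for this connection's insert; unlike
					// "select max(madh)" it cannot pick up another session's order.
					$orderId = (int) mysql_insert_id($connect);
				}
				$done = ($orderId > 0);
			}

			if ($done) {
				foreach ($products as $product) {
					$productId = (int) $product[0];
					$quantity = $cart[$productId];
					$lineTotal = $quantity * $product[3];

					// The original passed the cart quantity as the 4th value
					// (in a variable named $DonGia); kept as-is - confirm which
					// column that position maps to.
					$line = mysql_query("insert into donhangchitiet values ('null', '$orderId', '$productId', '$quantity', '$lineTotal')", $connect);

					// Decrement stock for every product bought.
					// NOTE(review): nothing stops stock from going negative;
					// add a check if overselling must be refused.
					$stock = mysql_query("update sanpham set soluongtonkho = soluongtonkho - $quantity where masp = $productId", $connect);

					if ($line === false || $stock === false) {
						$done = false;
						break;
					}
				}
			}

			if ($done) {
				$done = (mysql_query("update donhang set tongtien = $total where madh = $orderId", $connect) !== false);
			}

			if ($done) {
				mysql_query("COMMIT", $connect);
				echo "Thanh toán thành công .";
				echo "<br> Số tiền còn lại của quý khách là : " . number_format($balance - $total, 0) . " đ  ";
				// The cart is emptied only after the order has been stored.
				unset($_SESSION['DT']);
			} else {
				mysql_query("ROLLBACK", $connect);
				echo "Can not complete payment";
			}
		}
		echo '</fieldset>';
		echo '</div>';
		echo '</form>';
	}
}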
?>				</div><!--end Noi dung-->
				
			</div><!--end mid-->
			
        </div><!--end body--> 
		<div class="block"></div>
      	<div id="Footer">Footer</div><!--end footer-->  
		
</div><!--end wapper-->
</body>
</html>